Tuesday, 28 February 2012

After the official Microsoft Store in India was breached,
the Redmond company issued a statement to reassure customers that the
hackers didn’t gain access to credit card information. In a second email
sent to clients, the company admitted that financial information may
have been exposed.

According to Amit Agarwal’s Digital Inspiration
blog, Microsoft sent out the second series of emails on February 27,
advising Microsoft Store India customers to sign up for credit
monitoring services to avoid any unfortunate incidents.

“Further detailed investigation and review of data provided by the
website operator revealed that financial information may have been
exposed for some Microsoft Store India customers,” reads Microsoft’s
second letter to customers.

It’s believed that Quasar Media, the organization in charge of
administrating the Microsoft Store, neglected to encrypt the sensitive
information, allowing Chinese Evil Shadow hackers to easily gain access to the information.

The fact that the store recorded all the data in clear text was also revealed by the hacker at the time of the incident.

“The data is very important. Any security enthusiasts are interested in
the data. We have made some of the data from the Microsoft India Mall,
this behavior is designed to showcase that even Microsoft-owned stores
will also use clear text passwords. Data has no value in China,” the
hackers said at the time.

7z1, one of the hackers of the Chinese hacker crew that breached the online store, told us in a recent interview that they had no intention whatsoever to use the information stored on the site’s servers for malicious purposes.

“I am not a robber, a thief. What I did with the Microsoft mall was to
make sure that their security would be enhanced, I did not publish
data,” he said.

At the time of writing, Microsoft’s store is still not functional,
displaying the same message that was posted right after the breach
occurred.